FCC Approves ‘Spoofing’ Regulations

Published August 8, 2011

The Federal Communications Commission will implement the Truth in Caller ID Act on Aug. 19 in an effort to crack down on caller-identification fraud. The law prohibits falsifying caller ID information with intent for wrongdoing.

Some industry observers, however, say the vague wording of the law may lead to frivolous charges that individuals who use several different phones with a single contact number may be accused of attempting to “defraud” or “deceive” the recipient.

“It seems reasonable to assume that legitimate redirection of caller ID information is outside of the scope Congress intended to target with this legislation,” wrote Tony Bradley, a blogger for PCWorld. “However, the wording of the law still leaves room for a disgruntled party to cry foul should they be so inclined.”

Malicious Spoofing
Manipulating caller ID, or “spoofing,” occurs when a caller transmits false phone numbers and caller names. A recipient of a spoofed call is deceived into believing the call is coming from an individual or business other than the actual caller.

The Truth in Caller ID Act of 2009 covers telephone and Internet-based voice calls.  The Act states, “It shall be unlawful for any person within the United States, in connection with any telecommunications service or IP-enabled voice service, to cause any caller identification service to knowingly transmit misleading or inaccurate caller identification information with the intent to defraud, cause harm, or wrongfully obtain anything of value.” It exempts law enforcement agencies and court ordered subpoenas.

The Act amends the 1934 Communications Act, and was initially introduced in January 2009 by Sen. Bill Nelson (D-FL). It passed the Senate in February 2010 and the House of Representatives this past December. President Obama signed the bill into law on December 22, 2010. The FCC approved its enforcement rules on June 23, 2011.

Under the FCC’s new regulations, convicted malicious spoofers will be fined $10,000 per day and up to $30,000 per day for continuing offenses, but not over $1 million per offense.

Legitimate Spoofing
The new rules do not bar individuals from blocking their own caller IDs. Telemarketers are still required to transmit their correct caller ID.

The law targets only those who alter caller IDs knowingly and for malicious purposes. Proof of intent of wrongdoing will be necessary for prosecution under the Act.

Spoofing has legitimate uses. Businesses and on-call doctors often alter caller IDs so recipients see the main office’s number rather than an extension or cell phone number. The FCC chose not to exempt this, though it noted the Act does not prohibit harmless uses of caller ID manipulation.

Spoofing can also serve criminal purposes. By changing the calling number, spoofers can dupe recipients into taking their calls, commit identity fraud, and place fake 911 calls. This sort of activity is prohibited by the Act. FCC Spokesman Mark Wigfield said although some such behavior is already illegal, the ruling “gives us more authority to go after them.”

FCC Recommends Expanding Act
Steve Augustino, a partner in the Telecommunications Practice Group at Kelley Drye & Warren LLP, said, “The FCC is going to have its work cut out for it in investigating” to prove malicious intent in relatively minor cases. But in the types of instances the Act is targeting—such as using spoofing to call SWAT teams into victims’ homes—he said, “I don’t think it would be too difficult to prove intent.”

Corey Anders, spokesman for spoofing service Itellas Communications, says many firms already employed appropriate security features prior to the FCC regulations. “For instance, we do not allow employees to hack voicemail boxes, harass, dial 911, call 900 numbers, or use our service for nefarious purposes,” Anders said. Because Itellas already keeps detailed user information, the firm is in compliance with the new regulation, he said.

The FCC considered but did not adopt heavier requirements on spoofing services, which Anders says would have crippled the industry. Early compliance with the Act had a negative impact on Itellas, Anders said, when Google “kicked all of the caller ID spoofing apps out of the Android market” in response, even though most uses of spoofing are still legal.

Augustino said the Act and FCC rules are so narrowly focused they “should not disrupt legitimate business purposes.”

Augustino noted, however, the FCC has recommended Congress expand the Act to cover more communication technologies, such as instant messaging.

Hannah K. Mead ([email protected]) is a communications assistant at the Mackinac Center for Public Policy in Midland, Michigan.

Internet Info:

“The Truth in Caller ID Act of 2009,” U.S. Senate Bill 30: http://www.gpo.gov/fdsys/pkg/BILLS-111s30enr/pdf/BILLS-111s30enr.pdf.

“Caller ID and Spoofing,” Federal Communications Commission: http://www.fcc.gov/guides/caller-id-and-spoofing.

“Caller ID Spoofing Ban Is Bad for Business,” Tony Bradley, PCWorld, April 15, 2010: http://www.pcworld.com/businesscenter/article/194319/caller_id_spoofing_ban_is_bad_for_business.html.